Re: [Zenloadbalancer-support] Passthrough Real IP

2016-10-06 Thread Mathieu Chateau
You need to collect it in your web server config log

Cordialement,
Mathieu CHATEAU
http://www.lotp.fr

2016-10-06 20:52 GMT+02:00 Aaron Echols :

> That’s interesting, as this is in the documentation:
>
>
>
> Note that in the HTTP farms profile, the HTTP header X-Forwarded-For is
> included by default with the IP client address data.
>
>
>
> What would be the issue then?
>
>
>
> *From:* Mathieu Chateau [mailto:mathieu.chat...@lotp.fr]
> *Sent:* Tuesday, September 27, 2016 10:50 PM
> *To:* zenloadbalancer-support
>
> *Subject:* Re: [Zenloadbalancer-support] Passthrough Real IP
>
>
>
> Hello,
>
>
>
> in http farm, you can use x-forwarded-for to log real ip.
>
> ZLB adds it in the http header
>
>
>
>
> Cordialement,
> Mathieu CHATEAU
> http://www.lotp.fr
>
>
>
> 2016-09-25 21:24 GMT+02:00 Aaron Echols :
>
> Yeah, but I'm using SSL offloading, I'll lose that with that setup. I
> don't really feel like managing certs in multiple locations. Is there any
> other workaround? Thank you :-)
>
> On Sep 25, 2016 12:19 PM, Emilio Campos wrote:
>
> Dear Aaron, as Chris replied you, the solution is to use DNAT with L4xNAT
> profile, more information in the official documentation:
>
>
>
> Have a look here and check DNAT section:
>
> https://www.zenloadbalancer.com/knowledge-base/enterprise-edition-v3-04-administration-guide/enterprise-edition-v3-04-l4xnat-profile-farms/
>
>
>
> Once you apply this your backends will use the Load Balancer as gateway,
> it means that the backend ips will be known out of the backend network, so
> you have to apply one of those sections:
>
>
>
> 1.- Make new route rules in your network for the backend network in order
>  to be routed along the other networks.
>
> 2.- Create a special NAT rule in the load balancer. There is a special
> file where to setup special routes and rules:
>
> - Edit the file */usr/local/zenloadbalancer/config/zlb-start* and include
> the rule:
>
> /sbin/iptables -t nat -A POSTROUTING -s  -d
>  -o  -j MASQUERADE
>
> Where:
>
> -s  is the source ip subnet in the form 192.168.0.0/24,
> where the backends are located.
>
> -d  is the destination address and it's an optional
> parameter.
>
> -o  is the output interface where to perform the masquerade,
> (ex: eth0)
>
>
>
> I hope it helps you
>
>
>
> 2016-09-22 23:01 GMT+02:00 Aaron Echols :
>
> They are pointing directly to the default gateway for that network. :(
>
>
>
> *From:* Chris Muench [mailto:cmue...@gmail.com]
> *Sent:* Thursday, September 22, 2016 1:57 PM
> *To:* Aaron Echols
> *Subject:* Re: [Zenloadbalancer-support] Passthrough Real IP
>
>
>
> Hey,
>
> I know other load balancer products the server has to use as its default
> gateway the ip that the lb has on whatever network they share.
>
>
>
> So server1 is 10.1.1.50 gw of 10.1.1.1
>
> Lb is 10.1.1.10
>
>
>
> Change server gw to 10.1.1.10
>
>
>
> Try that. Obviously do it during a maint window since it may not work :)
>
>
>
>
> *From: *Aaron Echols
>
> *Sent: *Thursday, September 22, 2016 1:35 PM
>
> *To: *zenloadbalancer-support@lists.sourceforge.net
>
> *Reply To: *zenloadbalancer-support@lists.sourceforge.net
>
> *Subject: *[Zenloadbalancer-support] Passthrough Real IP
>
>
>
> Is there a way to pass through the Real IP vs the Virtual IP from the
> loadbalancers? I’m trying to track down some rogue users hammering on the
> backend servers, but they are only showing the VIP’s. Thank you :)
>
>
>
>
>
>
> 
> --
>
> ___
> Zenloadbalancer-support mailing list
> Zenloadbalancer-support@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
>
>
>
>
>
> --
>
> Load balancer distribution - Open Source Project
> http://www.zenloadbalancer.com
> Distribution list (subscribe): zenloadbalancer-support@lists.
> sourceforge.net
>
>
> 
>
>
>
> 
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>
>
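
An added illustration of the X-Forwarded-For advice in the thread above (not code from any participant or from the Zen Load Balancer project): once the web server logs the header, this attributes each request to a client address and lists the heaviest clients. The log layout, the balancer address 10.1.1.10 and the assumption that the balancer appends the client address as the last header entry are all assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the address backends see as TCP peer for balanced requests
# (10.1.1.10 is the example LB address used in the thread).
TRUSTED_PROXIES = {ipaddress.ip_address("10.1.1.10")}

# Constructed sample lines in a hypothetical format:
#   <tcp peer> "<X-Forwarded-For value>" "<request line>"
SAMPLE_LOG = """\
10.1.1.10 "203.0.113.7" "GET /login HTTP/1.1"
10.1.1.10 "203.0.113.7" "GET /login HTTP/1.1"
10.1.1.10 "198.51.100.9, 203.0.113.7" "GET /login HTTP/1.1"
10.1.1.10 "192.0.2.44" "GET / HTTP/1.1"
10.1.1.99 "192.0.2.44" "GET /admin HTTP/1.1"
10.1.1.10 "not-an-ip" "GET / HTTP/1.1"
10.1.1.10 "-" "GET /health HTTP/1.1"
"""
LINE_RE = re.compile(r'^(\S+) "([^"]*)" "([^"]*)"$')

def client_ip(peer, xff):
    """Pick the address a request should be attributed to."""
    peer_ip = ipaddress.ip_address(peer)
    if peer_ip not in TRUSTED_PROXIES:
        # Not from the balancer: the header is client-controlled.
        return peer_ip
    # Assumption: the balancer appends the client address, so only the
    # rightmost entry is trustworthy; earlier entries came from the client.
    last = xff.split(",")[-1].strip()
    try:
        return ipaddress.ip_address(last)
    except ValueError:
        return peer_ip  # header missing or malformed: fall back to the peer

def count_clients(log_text):
    """Count requests per attributed client address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            counts[str(client_ip(m.group(1), m.group(2)))] += 1
    return counts

def heavy_hitters(counts, threshold):
    """Addresses with at least `threshold` requests, busiest first."""
    return [ip for ip, n in counts.most_common() if n >= threshold]

if __name__ == "__main__":
    print(heavy_hitters(count_clients(SAMPLE_LOG), 3))
```

The third sample line carries a client-supplied entry ahead of the real one, and the fifth arrives without passing through the balancer; neither changes who the request is attributed to.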

Re: [Zenloadbalancer-support] Connect to Farm with wrong IP. Here MySQL

2016-10-06 Thread Frank Liebelt
Hi Emilio,

I tried to add three routes for each SQL Backend Server and it worked fine.

sql-data1       172.28.172.2    255.255.255.255 UGH   0      0        0 eth4
sql-data2       172.28.172.2    255.255.255.255 UGH   0      0        0 eth4
sql-data3       172.28.172.2    255.255.255.255 UGH   0      0        0 eth4
172.28.172.0    *               255.255.255.252 U     0      0        0 eth4

The problem is now that these settings did not replicate to the second node.
Manually adding them also did not work because the interfaces are down until the 
secondary node is in standby.

I think it would be a nice feature to setup extra gateways within the webpage.
Frank

From: Emilio Campos [mailto:emilio.campos.mar...@gmail.com]
Sent: Thursday, October 6, 2016 03:27
To: zenloadbalancer-support@lists.sourceforge.net
Subject: Re: [Zenloadbalancer-support] Connect to Farm with wrong IP. Here MySQL

The system is using the network you configured as default gw because your mysql 
backend is not reachable directly from some of your configured farms, that is 
a normal behaviour, try with a POSTROUTING rule:

iptables -t nat -I POSTROUTING --destination /32 -j SNAT 
--to-source 

Enter as many rules as backends.

If you want to configure rules as persistent then use 
/usr/local/zenloadbalancer/config/zlb-start file

Please apply and let me know.

BTW: Also you could try to enter an additional route in the default route table.

route add -host   gw 172.28.172.2

Regards

2016-10-05 16:52 GMT+02:00 Frank Liebelt:
Hi all,

it has taken some time. Now I have a new setup on my cluster but still get the 
same effect.


eth0     192.168.109.241  255.255.255.0                      up
eth0:ha  192.168.109.240  255.255.255.0                      up
...
eth4     172.28.172.1     255.255.255.252  GW 172.28.172.2   up
eth5     172.28.172.5     255.255.255.252  GW 172.28.172.6   up
eth6     172.28.172.9     255.255.255.252  GW 172.28.172.10  up
eth7     172.28.172.13    255.255.255.252  GW 172.28.172.14  up

Default Gateway is set to: 192.168.109.254


Cluster:

Zen latency is UP on LB-L-01 192.168.109.241 | Zen latency is UP on LB-l-02 
192.168.109.242
Cluster IP 192.168.109.240 is active on LB-L-01
Zen Inotify is running on LB-L-01


The configured mysql farm runs on eth4. Connections through eth4 are working, 
but the SQL Server denies the access because of a wrong source IP.
Expected is 172.28.172.1 but given is the real IP of the current master. 
Currently 192.168.109.241.

Here is the routing table that was automatically created on setup the cluster.

Destination     Router          Genmask         Flags Metric Ref    Use Iface
default         192.168.109.254 0.0.0.0         UG    0      0        0 eth0
172.28.172.0    *               255.255.255.252 U     0      0        0 eth4
172.28.172.4    *               255.255.255.252 U     0      0        0 eth5
172.28.172.8    *               255.255.255.252 U     0      0        0 eth6
172.28.172.12   *               255.255.255.252 U     0      0        0 eth7
localnet        *               255.255.255.0   U     0      0        0 eth0


I am getting really frustrated. Why the cluster routes the request not over eth4.

Any ideas?


regards
Frank




Hi Frank,

Please check your routing table on each appliance. It seems that your routed 
interface to 172.28.10.1 is eth0, not eth4. You can share the routing table too.

Best regards,

On Fri, Aug 19, 2016 at 6:21 PM, Frank Liebelt wrote:

Hi all,



I set up a cluster and configured one farm.

The farm profile is set to l4xnat.

Protocol TCP, NAT is SNAT.



When I use the Farm IP for connect to an MySQL Cluster, it will not pass the IP 
of the farm to the MySQL server. It is always the eth0 IP of the currently 
active load balancer.

For my understanding, I should connect to the MySQL Server with the IP address 
of eth4. Like described in the manual.



MySQL Client -> FarmIP 192.168.100.230 -> RealServer -> 172.28.10.1

MySQL shows connection from 192.168.100.101 not 192.168.100.230



Any suggestions what goes wrong?



Here is my setup:



LB Community Edition 3.10.1



Appliance 1 (active):

eth0: 192.168.100.101

eth0:ha 192.168.100.100

eth4: 192.168.100.230 (Farm)



Appliance 2:

eth0: 192.168.100.102

eth0:ha 192.168.100.100

eth4: 192.168.100.230 (Farm)



The Replication between the two appliance is working well.



regards

Frank Liebelt

